|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical AS3303 customer under attack
Dear NOC /Nanog, We (Swisscom, AS3303) have a customer that is being attacked for about 5 days now. It is a DOS attack with spoofed source IP addresses. The destination network is: 193.77.0.0/16 , as-path 3303 8437 5603 2610 The attack is (at least !) 100Mb/s, and is coming from different peers. Yesterday it was on our peerings with AS7018 and AS6453 in Palo-Alto, today seems to be more on the AADS in Chicago. I applied the following packet filter (access-list 19 below) to all our external links, and there is a huge amount of packet with those source IP coming in. Although we drop these packets at our ingress, may i ask everyone peering with us (and others if you feel concerned) to configure that packet filter in output ? Thanks a lot for your help (or feedback if you are also experiencing such problems) and have a nice day Andr� ----------------------------------------------------------------------- access-list 19 deny 0.0.0.0 0.255.255.255 access-list 19 deny 1.0.0.0 0.255.255.255 access-list 19 deny 2.0.0.0 0.255.255.255 access-list 19 deny 5.0.0.0 0.255.255.255 access-list 19 deny 7.0.0.0 0.255.255.255 access-list 19 deny 10.0.0.0 0.255.255.255 access-list 19 deny 14.0.0.0 0.255.255.255 access-list 19 deny 23.0.0.0 0.255.255.255 access-list 19 deny 31.0.0.0 0.255.255.255 access-list 19 deny 36.0.0.0 0.255.255.255 access-list 19 deny 37.0.0.0 0.255.255.255 access-list 19 deny 39.0.0.0 0.255.255.255 access-list 19 deny 41.0.0.0 0.255.255.255 access-list 19 deny 42.0.0.0 0.255.255.255 access-list 19 deny 58.0.0.0 1.255.255.255 access-list 19 deny 60.0.0.0 0.255.255.255 access-list 19 deny 70.0.0.0 1.255.255.255 access-list 19 deny 72.0.0.0 7.255.255.255 access-list 19 deny 82.0.0.0 1.255.255.255 access-list 19 deny 84.0.0.0 3.255.255.255 access-list 19 deny 88.0.0.0 7.255.255.255 access-list 19 deny 96.0.0.0 31.255.255.255 access-list 19 deny 169.254.0.0 0.0.255.255 access-list 19 deny 172.16.0.0 0.15.255.255 access-list 19 deny 176.0.0.0 15.255.255.255 access-list 19 deny 192.0.0.0 0.0.0.255 access-list 19 deny 192.0.2.0 0.0.0.255 access-list 19 deny 192.168.0.0 0.0.255.255 access-list 19 deny 222.0.0.0 1.255.255.255 access-list 19 deny 224.0.0.0 31.255.255.255 access-list 19 permit any --------------------- Andre Chapuis IP+ Engineering Swisscom Ltd Genfergasse 14 3050 Bern +41 31 893 89 61 [email protected] CCIE #6023 ---------------------- |